Identity & Access Management

Organizations demand flexibility when it comes to application access along with the security of proven user identity. With applications being delivered across the web and the number of users who need access always multiplying, a new way to manage non-corporate identities is needed as companies leverage partnership value.

This has led to a greater reliance on Identity and Access Management (I&AM) solutions. Leading companies already offer customers suite-based approaches, although the level of required commitment and investment sometimes intimidates prospective customers. Yet, Oracle Identity and Access Management (IDM) can still deliver proven value.

First and foremost, identity management functionality provides facilities and processes to store and manage the identities of valid users allowed access to information held within a company's systems and networks, but it does more, serving as both an enabler and guardian of business and information.

Provisioning

Provisioning implements an identity lifecycle for users, which is necessary since business moves so fast. With more and more users — from full-time employees to short-term help — granted access to systems and applications, de-provisioning a user's access rights is required every time an employee leaves a company. But without the proper process in place, many companies do not follow through with de-provisioning.

If the identity lifecycle is neglected, access rights that are not revoked in a timely manner remain valid, so individuals retain access beyond the time they need it, which creates security risk. According to one estimate, between 30% and 60% of user accounts in many organizations exist without justification.

Automated processes can be integrated with other systems to meet end-to-end business needs so companies can rest assured that only the right users are granted access. Often the human resources department's processes can trigger provisioning.

Many businesses extend the value of identity by combining individuals into groups representing the organizational structure. This often corresponds with the need for similar access rights. Most enterprise-strength I&AM solutions allow roles to be used as a basis for assigning rights, and roles can also be used to validate that users' access rights are in line with the needs of their position (a requirement branded by Sarbanes-Oxley legislation as "segregation of duties").
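The review described in this section, reconciling accounts against HR records and checking combined roles for segregation-of-duties conflicts, can be sketched as follows. This is an added example, not code from any I&AM product; the roster, accounts, role names and the conflict rule are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; all identifiers are hypothetical.
HR_ROSTER = {  # employee_id -> contract end date (None = open-ended)
    "e100": None,
    "e101": date(2024, 3, 1),    # left the company
    "e102": date(2024, 12, 31),  # short-term contractor, still active
}
ACCOUNTS = [  # (system, login, owner employee_id, roles)
    ("erp", "asmith", "e100", {"create_vendor"}),
    ("payments", "asmith2", "e100", {"approve_payment"}),
    ("erp", "bjones", "e101", {"read_reports"}),
    ("crm", "cdoe", "e102", {"read_reports"}),
    ("erp", "svc_old", None, {"create_vendor"}),
]
# Role pairs one person must not hold together (segregation of duties).
SOD_CONFLICTS = [frozenset({"create_vendor", "approve_payment"})]


def review_access(accounts, roster, conflicts, today):
    """Return sorted (subject, finding) pairs for access lacking justification."""
    findings = set()
    roles_by_owner = defaultdict(set)
    for system, login, owner, roles in accounts:
        account = f"{system}/{login}"
        if owner not in roster:
            findings.add((account, "orphan: no HR identity"))
            continue
        end = roster[owner]
        if end is not None and end < today:
            findings.add((account, "leaver: de-provision"))
            continue
        # Only live, justified accounts count toward a person's combined roles.
        roles_by_owner[owner] |= roles
    for owner, roles in roles_by_owner.items():
        for pair in conflicts:
            if pair <= roles:
                findings.add((owner, "sod: " + "+".join(sorted(pair))))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in review_access(ACCOUNTS, HR_ROSTER, SOD_CONFLICTS, date(2024, 6, 1)):
        print(f"{subject:20} {finding}")
```

Roles are combined per person across systems, so a conflict split between two accounts held by the same employee is still reported.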

What We Provide

Access management is the real-time enforcement of application security using identity-based controls and provisioned access rights. Assuring performance when delivering these services is particularly important, and access across a wide range of resource types represents a key capability.

To achieve this across disparate platforms, businesses can use solutions that deploy agents on target technologies or that use standards-based authorization via Security Assertion Markup Language (SAML).

For the normal range of business applications, application access via Web browser, portals, or client screens on different desktop platforms must be taken into account along with the various interface types that legacy applications allow. Organizations should also assess their requirements for access to Web services functionality to ensure that their I&AM solution meets every conceivable need.

Single Sign-on

With Enterprise Single Sign On (SSO), users no longer have to remember and manage passwords for multiple enterprise systems. Instead, an automated system of password management does all the work, and users only have to remember their primary password. As an added advantage, users with SSO do not need to remember passwords for back-end systems, so those passwords can be as strong, complex, and unintelligible as necessary to maintain strong security without causing any overhead.

Passwords to back-end systems ("secondary" passwords in SSO speak) can become "zero-touch" passwords, automatically generated within the password management system but never seen by any user. From a security standpoint, these are very strong.

Role Based Access Control

A newer approach to securing your computer systems, role-based access control allows you to assign specific roles to users, rather than assigning permissions to every individual with access to the system. At Addvantum, we can work with you to define and assign roles so every person in your company has exactly as much access as they need to carry out their jobs.